Total
1506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30104 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2024-30093 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.3 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2024-30076 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-06-17 | N/A | 6.8 MEDIUM |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-30065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Windows Themes Denial of Service Vulnerability | |||||
| CVE-2024-30060 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 7.8 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-30033 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-30018 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-29989 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 8.4 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-29069 | 1 Canonical | 1 Snapd | 2026-06-17 | N/A | 4.8 MEDIUM |
| In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information. | |||||
| CVE-2024-28916 | 1 Microsoft | 1 Xbox Gaming Services | 2026-06-17 | N/A | 8.8 HIGH |
| Xbox Gaming Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-28907 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-28189 | 2026-06-17 | N/A | 10.0 CRITICAL | ||
| Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1. | |||||
| CVE-2024-28185 | 2026-06-17 | N/A | 10.0 CRITICAL | ||
| Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox. | |||||
| CVE-2024-27885 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 6.3 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-27458 | 2026-06-17 | N/A | 8.8 HIGH | ||
| A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | |||||
| CVE-2024-26238 | 1 Microsoft | 2 Windows 10 21h2, Windows 10 22h2 | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||
| CVE-2024-26216 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2026-06-17 | N/A | 7.3 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-26199 | 1 Microsoft | 1 365 Apps | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-26158 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft Install Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||